REPORTS
PROGRAMS
PUBLISHERS
Top10 publishers:
b'bobrov'
117
b'sp1d3rs'
86
b'geeknik'
81
b'linkks'
75
b'jobert'
70
b'someonenobbd'
62
b'nyymi'
60
b'ooooooo_q'
54
b'guido'
50
b'haxta4ok00'
49
Now on Twitter
the unofficial
HackerOne
disclosure timeline.
X
b'Lichess'
disclosed a bug submitted by
b'closec4ll'
b'Improper Authentication Throttling Allows Attacker-Controlled Account Lockouts '
13 Jun 2025
b'Bykea'
disclosed a bug submitted by
b'bugbountywithmarco'
b'IDOR on in-app hardcoded zombie endpoint '
13 Jun 2025
b'Bykea'
disclosed a bug submitted by
b'bugbountywithmarco'
b'Bypassing Bronze Partner Wallet Restriction to Accept Trips with Negative Balance'
13 Jun 2025
b'Bykea'
disclosed a bug submitted by
b'grassye'
b'Ability to increase any customer offered fare (BAC)'
13 Jun 2025
b'Bykea'
disclosed a bug submitted by
b'back2arie'
b'Broken Access Control (IDOR) in Booking Detail and Bids Could Leads to Sensitive Information Disclosure'
13 Jun 2025
b'Hemi VDP'
disclosed a bug submitted by
b'1_ali_raza'
b'WordPress Version Exposure via /wp-links-opml.php on hemi.xyz'
13 Jun 2025
b'Mars'
disclosed a bug submitted by
b'morphykutay'
b'[XSS] Reflected XSS via POST request in ()'
12 Jun 2025
b'Rootstock Labs'
disclosed a bug submitted by
b'guido'
b'Crafted smart contract can take 1.5 minutes to execute due to inefficient CODESIZE implementation'
12 Jun 2025
b'Rootstock Labs'
disclosed a bug submitted by
b'guido'
b'Crafted smart contract can take ~23 seconds to execute due to immense error string construction'
12 Jun 2025
b'Bykea'
disclosed a bug submitted by
b'bugbountywithmarco'
b'Lack of Feedback Validation Permits Arbitrary Driver Ratings'
12 Jun 2025
b'Lichess'
disclosed a bug submitted by
b'immm'
b'Path Traversal Vulnerability in Lila Project'
09 Jun 2025
b'HackerOne'
disclosed a bug submitted by
b'root_geek280'
b'IDOR Vulnerability at AddTagToAssets operation name'
08 Jun 2025
b'Lichess'
disclosed a bug submitted by
b'oblivionsage'
b'ImageId Format Injection in Image Upload Endpoint'
06 Jun 2025
b'hostinger '
disclosed a bug submitted by
b'aziz0x48'
b'1 Click Account Takeover via Auth Token Theft on marketing.hostinger.com'
06 Jun 2025
b'Shopify'
disclosed a bug submitted by
b'bassem_sadaqah'
b'DoS Vulnerability via Cache Poisoning on cdn.shopify.com and shopify-assets.shopifycdn.com'
04 Jun 2025
b'Insightly'
disclosed a bug submitted by
b'basant0x01'
b'returnUrl= allow attacker to redirect users to the another phising website and takeover credientials'
04 Jun 2025
b'curl'
disclosed a bug submitted by
b'z2_'
b'CVE-2025-5399: WebSocket endless loop'
04 Jun 2025
b'Lichess'
disclosed a bug submitted by
b'oblivionsage'
b'Server-Side Request Forgery (SSRF) via Game Export API'
03 Jun 2025
b'Mozilla'
disclosed a bug submitted by
b'z3phyrus'
b'IDOR: Account Deletion via Session Misbinding Attacker Can Delete Victim Account'
03 Jun 2025
b'HackerOne'
disclosed a bug submitted by
b'w2w'
b'Public GitHub repositories for multiple HackerOne managed triage team profiles contain private HackerOne reports information'
31 May 2025
1
...
3
4
5
6
7
...
733
BY DENIS WERNER - @NOBBD -
IMPRESSUM